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CLAIMS 

1. A method of supporting Hierarchical Mobile IP version 6 (HMIPv6) service 
for a mobile node, characterized by authenticating and authorizing the mobile node for 

5 HMEPv6 service based on an AAA infrastructure, 

2. The method of claim 1, characterized in that said mobile node is roaming in a 
visited network and the AAA infrastructure is linking the visited network with the 
home network of the mobile node. 

10 

3. The method of claim 1 or 2, characterized by transferring HMIPv6-related 
information required for authenticating and authorizing the mobile node for HMIPv6 
service over said AAA infrastructure. 

15 4. The method of claim 3, characterized in that said HMIPv6-related 

information comprises information selected from the group of HMIPv6 authentication, 
authorization and configuration information. 

5. The method of claim 3, characterized by transferring HMIPv6-related 
20 information over said AAA infrastructure for establishing a HMIPv6 security 

association between the mobile node and a Mobility Anchor Point (MAP). 

6. The method of claim 5, characterized by transferring HMEPv6-related 
information over said AAA infrastructure for establishing a HMIPv6 binding for the 

25 mobile node. 

7. The method of claim 6, characterized by transferring HMEPv6-related 
information for HMIPv6 binding in the same round trip as HMIPv6-related 
information for HMIPv6 security association. 

30 
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8. The method of claim 3, characterized by transferring HMIPv6-related 
information in an authentication protocol in an end-to-end procedure between the 
mobile node and an AAA home network server (AAAh). 

5 9. The method of claim 8, characterized in that said authentication protocol is 

an extended authentication protocol. 

10. The method of claim 9, characterized in that said extended authentication 
protocol is an extended Extensible Authentication Protocol (EAP), and said HMIPv6- 

10 related information is incorporated as additional data in the EAP protocol stack. 

11. The method of claim 10, characterized in that said HMIPv6-related 
information is transferred as EAP attributes in the EAP method layer of the EAP 
protocol stack. 

15 

12. The method of claim 10, characterized in that said HMIPv6-related 
information is transferred in a generic container in the EAP protocol stack. 

13. The method of claim 10, characterized in that the extended EAP protocol is 
20 carried by PANA, PPP or IEEE 802. IX between the mobile node and an AAA client 

in the visited network, and by a Diameter or Radius application within the AAA 
infrastructure. 

14. The method of claim 8, characterized in that a MAP is located in the home 
25 network, and HMIPv6-related information is transferred between the mobile node and 

an AAA home network server (AAAh) in the authentication protocol, and HMIPv6- 
related information is transferred between the AAAh and the MAP in a separate 
session of the authentication protocol or within an AAA framework protocol 
application. 

30 
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15. The method of claim 8, characterized in that a MAP is located in the visited 
network, and HMIPv6-related information is transferred between the mobile node and 
an AAA home network server (AAAh) within said authentication protocol, and 
HMIPv6-related information is transferred between the AAAh and the MAP in the 

5 visited network within an AAA framework protocol application. 

16. The method of claim 15, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMIPv6. 

10 17. The method of claim 3, characterized in that said HMIPv6-related 

information is transferred in an AAA framework protocol application. 

18. The method of claim 17, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMIEV6. 

15 

19. The method of claim 1 or 2, characterized by said AAA infrastructure 
assigning a Mobility Anchor Point (MAP) to the mobile node. 

20. The method of claim 19, characterized in that an AAA infrastructure 
20 component of the home network generates credential-related data for security 

association between the mobile node and the assigned MAP and sends said credential- 
related data to the MAP, the AAA infrastructure home network component generates 
information for finalizing the security association or the MAP responds with 
information for finalizing the security association to the AAA infrastructure home 
25 network component, which sends HMIPv6 authorization information to the mobile 
node over the AAA infrastructure. 

21. The method of claim 19, characterized in that said MAP is located in the 
home network of the mobile node and an AAA home network server (AAAh) 

30 performs MAP assignment, and the AAA home network server (AAAh) generates 
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credential-related data for security association between the mobile node and the 
assigned MAP and sends said credential-related data to the MAP, the AAAh generates 
information for finalizing the security association or the MAP responds with 
information for finalizing the security association to the AAAh, and the AAAh sends 
5 HMIPv6 authorization information including MAP assignment information, binding 
address information and security association information to the mobile node over the 
AAA infrastructure. 

22. The method of claim 19, characterized in that said MAP is located in the 
10 visited network and an AAA visited network server (AAAv) performs MAP 

assignment, and the mobile node sends a MAP assignment request to an AAA home 
network server (AAAh) over the AAA infrastructure, and the AAAh forwards the 
MAP assignment request to the AAA visited network server (AAAv), and the AAA 
home network server generates credential-related data for security association between 

15 the mobile node and the assigned MAP, said credential-related data being transferred 
from the AAAh to the MAP via the AAAv, the AAAh generates information for 
finalizing the security association or the MAP responds with information for finalizing 
the security association to the AAAh via the AAAv, and the AAAh sends HMIPv6 
authorization information including MAP assignment information, binding address 

20 information and security association information to the mobile node over the AAA 
infrastructure. 

23. The method of claim 1, characterized by simultaneously accommodating 
HMIPv6 and MIPv6 authentication and authorization in the same round trip over said 

25 AAA infrastructure. 

24. A system for supporting Hierarchical Mobile IP version 6 (HMIPv6) service 
for a mobile node, characterized by means for authenticating and authorizing the 
mobile node for HMIPv6 service based on an AAA infrastructure. 

30 
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25. The system of claim 24, characterized in that said mobile node is roaming in 
a visited network and the AAA infrastructure is linking the visited network with the 
home network of the mobile node. 

5 26. The system of claim 24 or 25, characterized by means for transferring 

HMIPv6-related information required for authenticating and authorizing the mobile 
node for HMIPv6 service over said AAA infrastructure. 

27. The system of claim 26, characterized in that said HMIPv6-related 
10 information comprises information selected from the group of HMIPv6 authentication, 

authorization and configuration information. 

28. The system of claim 26, characterized by means for transferring HMIPv6- 
related information over said AAA infrastructure for establishing a HMIPv6 security 

15 association between the mobile node and a Mobility Anchor Point (MAP). 

29. The system of claim 28, characterized by transferring HMIPv6-related 
information over said AAA infrastructure for establishing a HMIPv6 binding for the 
mobile node. 

20 

30. The system of claim 29, characterized by means for transferring HMIPv6- 
related information for HMIPv6 binding in the same round trip as HMIPv6-related 
information for HMEPv6 security association. 

25 31. The system of claim 26, characterized in that HMIPv6-related information is 

transferred within an authentication protocol in an end-to-end procedure between the 
mobile node and an AAA home network server (AAAh). 

32. The system of claim 31, characterized in that said authentication protocol is 
30 an extended authentication protocol. 
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33. The system of claim 32, characterized in that said extended authentication 
protocol is an extended Extensible Authentication Protocol (EAP), and said HMIPv6- 
related information is incorporated as additional data in the EAP protocol stack. 

34. The system of claim 33, characterized in that said HMIPv6-related 
information is transferred as EAP attributes in the EAP method layer of the EAP 
protocol stack. 

35. The system of claim 33, characterized in that said HMIPv6-related 
information is transferred in a generic container in the EAP protocol stack. 

36. The system of claim 33, characterized in that the extended EAP protocol is 
carried by PANA, PPP or IEEE 802. IX between the mobile node and an AAA client 
in the visited network, and by a Diameter or Radius application within the AAA 
infrastructure. 

37. The system of claim 31, characterized in that a MAP is located in the home 
network, and HMIPv6-related information is transferred between the mobile node and 
an AAA home network server (AAAh) in the authentication protocol, and HMIPv6- 
related information is transferred between the AAAh and the MAP in a separate 
session of the authentication protocol or within an AAA framework protocol 
application. 

38. The system of claim 31, characterized in that a MAP is located in the visited 
network, and HMIPv6-related information is transferred between the mobile node and 
an AAA home network server (AAAh) within said extended authentication protocol, 
and HMIPv6-related information is transferred between the AAAh and the MAP in the 
visited network within an AAA framework protocol application. 
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39. The system of claim 38, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMEPv6. 

40. The system of claim 26, characterized in that said HMIPv6-related 
5 information is transferred in an AAA framework protocol application. 

41. The system of claim 40, characterized in that said AAA framework protocol 
application is a Diameter or Radius application adapted for HMIPv6. 

10 42. The system of claim 24 or 25, characterized by said AAA infrastructure 

being configured for assigning a Mobility Anchor Point (MAP) to the mobile node. 

43. The system of claim 42, characterized in that an AAA infrastructure 
component of the home network comprises: 

15 means for generating credential-related data for security association between 

the mobile node and the assigned MAP; and 

means for sending said credential-related data to the MAP, and receiving 
information from the MAP for finalizing the security association; and 

means for sending HMIPv6 authorization information to the mobile node 
20 over the AAA infrastructure. 

44. The system of claim 42, characterized in that said MAP is located in the 
home network of the mobile node and an AAA home network server (AAAh) is 
configured for performing MAP assignment, and the AAA home network server 

25 (AAAh) further comprises: 

means for generating credential-related data for security association between 
the mobile node and the assigned MAP; 

means for sending said credential-related data to the MAP, and receiving 
information from the MAP for finalizing the security association and binding address 
30 information; 
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means for sending HMD?v6 authorization information including MAP 
assignment information, binding address information and security association 
information to the mobile node over the AAA infrastructure. 

5 45. The system of claim 42, characterized in that said MAP is located in the 

visited network and an AAA visited network server (AAAv) is configured for 
performing MAP assignment, and the AAA home network server (AAAh) further 
comprises: 

means for forwarding a MAP assignment request received over said AAA 
10 infrastructure from the mobile node to the AAA visited network server (AAAv); 

means for generating credential-related data for security association between 
the mobile node and the assigned MAP; 

means for sending said credential-related data to the MAP via the AAAv, 
and receiving, from the MAP via the AAAv, information for finalizing the security 
15 association and binding address information; and 

means for sending HMDPv6 authorization information including MAP 
assignment information, binding address information and security association 
information to the mobile node over the AAA infrastructure. 

20 46. The system of claim 24, characterized by means for simultaneously 

accommodating HMIPv6 and MIPv6 authentication and authorization in the same 
round trip over said AAA infrastructure. 

47. An AAA home network server for supporting Hierarchical Mobile IP 
25 version 6 (HMIPv6) service for a mobile node, characterized by: 

means for generating credential-related data for security association between 
the mobile node and an assigned Mobility Anchor Point (MAP); and 

means for sending said credential-related data to the MAP, and receiving 
information from the MAP for finalizing the security association; and 
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means for sending HMIPv6 authorization information including security 
association information to the mobile node. 

48. The AAA home network server of claim 47, characterized in that said mobile 
node is roaming in a visited network, and said means for sending HMIPv6 
authorization information is operable for sending the information over an AAA 
infrastructure linking the visited network with the home network of the mobile node. 

49. The AAA home network server of claim 48, characterized in that said AAA 
home network server is configured for receiving, from the MAP, information for 
finalizing the security association as well as binding address information, and said 
means for sending HMIPv6 authorization information over the AAA infrastructure is 
configured for sending HMIPv6 authorization information including MAP assignment 
information, binding address information and security association information to the 
mobile node. 

50. A Mobility Anchor Point (MAP) node for supporting Hierarchical Mobile IP 
version 6 (HMIPv6) service for a mobile node, characterized by: 

means for interacting with an AAA home network server for supporting the 
establishment of a security association between the mobile node and the MAP; 

means for receiving credential-related data from the AAA home network 
server; and 

means for sending information for finalizing the security association to the 
AAA home network server. 

51. The MAP of claim 50, further characterized by means for assigning a 
binding address in said MAP in response to a binding update from the mobile node, 
and for establishing a HMTPv6 binding in said MAP based on the assigned binding 
address and address information received in the binding update. 



